Differential cryptanalysis is a known plaintext attack on block ciphers that uses two inputs with a constant difference to determine encryption key patterns. The method assigns probabilities to input-output pairs to guess the encryption key. It was developed in the late 1980s to attack DES, but designers work to ensure their code is not vulnerable to this attack.
Differential cryptanalysis is the name of a variety of cryptographic attack methods on block ciphers using a known plaintext attack. Differential cryptanalysis works by encrypting known plaintext or plaintext, using a chosen encryption key to determine how the encryption process works. Two inputs with a constant difference between them are selected, where the difference between the two inputs can be determined by different operations including the use of the eXclusive OR (XOR) operation. When the input pair is run through the differential cryptanalysis code, an output pair is formed using an encryption key. The input is known, so the cryptographer checks for patterns of change in the output.
Once the output is received, the cryptographer assigns probabilities to certain input-output pairs to determine which encryption key caused particular changes in the output pairs. Different encryption keys have different probabilities of certain outputs occurring for each input. These probabilities allow the cryptographer to make informed guesses about various aspects of the key based on input and output patterns.
This method was originally developed in the late 1980s by Eli Bidham and Adi Shamir. It was intended to attack block ciphers and check for weaknesses in the US National Bureau of Standards’ Data Encryption Standard (DES) algorithm, which is used as a federal information processing standard for encrypting unclassified sensitive data. In 1994, Don Coppersmith, one of the IBM software engineers who helped design DES, said that IBM was already familiar with differential cryptanalysis and had been working to make DES resistant to attack.
To correctly determine which encryption key is being used with this process, certain requirements must be met. It is most successful when the cryptographer can choose the plaintext himself and receive the ciphertext out. Differential cryptanalysis is best suited for iterative block ciphers. These types of ciphers encrypt plaintext using the same transformation in multiple turns using a subkey.
Designers of ciphers and cryptographic codes work to ensure that their code is not vulnerable to this known type of attack. One of them is the use of message keys and limitations on the amount of ciphertext received using a single message key. This is a weakness of differential cryptanalysis due to its reliance on large amounts of plaintext.
The differential cryptanalysis method is based on the use of particular tables to choose the input pair. Knowing this, a cryptographic system can protect itself from attack in a number of ways. It doesn’t matter if your code is set up to select from more tables than expected, to select from as many different tables, or to shuffle the table results as soon as the results are determined.
Protect your devices with Threat Protection by NordVPN